The present disclosure relates to a method for blocking the connection of an electronic device inside a wireless intrusion prevention system, the method comprising the steps of: successively monitoring wireless frames in a plurality of channels through a first communication module; generating a first blocking message on the basis of at least one wireless frame received as a result of the monitoring and generating a second blocking message on the basis of a first wireless frame, to which a predetermined wireless network technology has been applied, among the at least one wireless frame; and transmitting at least one of the first and second blocking messages through a second communication module. The present disclosure is not limited to the above embodiment, and other embodiments are also possible.
Legal claims defining the scope of protection, as filed with the USPTO.
1. An access blocking method of an electronic device within a wireless intrusion prevention system, comprising: monitoring wireless frames in a plurality of channels through using a first communication module; generating a first blocking message based on at least one wireless frame and generating a second blocking message based on a first wireless frame to which a predetermined security technology has been applied, in parallel; and transmitting at least one of the first and the second blocking messages using a second communication module, wherein the at least one wireless frame belongs to wireless frames determined to have violated a policy and excluding the first wireless frame from the monitored wireless frames.
2. The access blocking method of claim 1 , wherein the monitoring of the wireless frames comprises dynamically allocating a channel belonging to the plurality of channels and through which the first wireless frame has been transmitted additionally for the monitoring.
3. The access blocking method of claim 1 , wherein the generating of the first blocking message comprises: determining that the policy for the at least one wireless frame has been violated based on policy information and a blocking list; and generating the first blocking message for the at least one wireless frame.
4. The access blocking method of claim 1 , wherein the generating of the second blocking message comprises: generating a fake beacon message having a characteristic different from a characteristic of a beacon message in case that the first wireless frame is the beacon message and a policy application related to the predetermined security technology has been activated; and generating policy violation expectation information for the first wireless frame in case that the first wireless frame is the beacon message and the policy application related to the predetermined security technology has not been activated and generating the fake beacon message based on the expectation information when the policy application related to the predetermined security technology is subsequently activated.
5. The access blocking method of claim 1 , wherein the generating of the second blocking message comprises: generating the second blocking message in case that the first wireless frame is a probe message and a policy application related to the predetermined security technology has been activated; and generating policy violation expectation information for the first wireless frame in case that the first wireless frame is the probe message and the policy application related to the predetermined security technology has not been activated and generating the second blocking message based on the expectation information when the policy application related to the predetermined security technology is subsequently activated.
6. The access blocking method of claim 1 , further comprising receiving, from a server, policy information and a blocking list used for determining that the policy has been violated.
7. The access blocking method of claim 1 , wherein a wireless network applying the predetermined security technology comprises IEEE 802.11w.
8. An electronic device within a wireless intrusion prevention system, comprising: a first communication module; a second communication module; and a controller configured to control to: monitor wireless frames in a plurality of channels using the first communication module, generate a first blocking message based on at least one wireless frame and generate a second blocking message based on a first wireless frame to which a predetermined security technology has been applied, in parallel, and transmit at least one of the first and the second blocking messages using the second communication module, wherein the at least one wireless frame belongs to wireless frames determined to have violated a policy and excluding the first wireless frame from the monitored wireless frames.
9. The electronic device of claim 8 , wherein the controller is configured to dynamically allocate a channel belonging to the plurality of channels and through which the first wireless frame has been transmitted additionally for the monitoring.
10. The electronic device of claim 8 , wherein the controller is configured to: determine that the policy for the at least one wireless frame has been violated based on policy information and a blocking list, and generate the first blocking message for the at least one wireless frame.
11. The electronic device of claim 8 , wherein the controller is configured to: generate a fake beacon message having a characteristic different from a characteristic of a beacon message in case that the first wireless frame is the beacon message and a policy application related to the predetermined security technology has been activated, and generate policy violation expectation information for the first wireless frame in case that the first wireless frame is the beacon message and the policy application related to the predetermined security technology has not been activated and generate the fake beacon message based on the expectation information when the policy application related to the predetermined security technology is subsequently activated.
12. The electronic device of claim 8 , wherein the controller is configured to: generate the second blocking message in case that the first wireless frame is a probe message and a policy application related to the predetermined security technology has been activated; and generate policy violation expectation information for the first wireless frame in case that the first wireless frame is the probe message and the policy application related to the predetermined security technology has not been activated and generate the second blocking message based on the expectation information when the policy application related to the predetermined security technology is subsequently activated.
13. The electronic device of claim 8 , wherein the controller is configured to control to receive, from a server, policy information and a blocking list used for determining that the policy has been violated.
14. The electronic device of claim 8 , wherein a wireless network applying the predetermined security technology comprises IEEE 802.11w.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
November 28, 2016
November 10, 2020
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.